1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

In Progress Possible fake Norton's adviser intruding on Laptop

Discussion in 'Virus & Other Malware Removal' started by Talshere, Jul 22, 2019.

Thread Status:
Not open for further replies.
  1. Talshere

    Talshere Thread Starter

    Jan 12, 2012

    My partners father has contacted me saying hes had a very suspicious phone call with a representative from "Nortons".

    He bought a new licence key for Nortons from John Lewis, entered the number into the website it had on the card. It said it couldn't authenticated the key and directed him to a website with a phone number. A popup came up where someone on an online chat gave him a number to call. Which he did.

    The gentleman he spoke to then spend an hour on the phone with him, asking for access to control his computer (which he gave), put a program on the desktop (see image, described as a "Advanced Identity Protection") and gave him this massive spiel about how he needed to upgrade because people had been accessing his computer, basically googled "whats my IP" to show physical address was compromised then said he needed this $200 - $500 (which is odd in itself because this is the UK we dont use USD) program to "put a fire wall round his home".

    It was at this point he got suspicious, said he needed to think about it and called me.

    Ive got him to run MalwareBytes which has found a plethora of issues (attached txt file) and the suspicious looking icon has gone.

    After malwarebytes started quarantining, Nortons said it had found a "Bloodhound" which I understand is a Backdoor program.

    Do I need to advise him to do anything else and just how compromised might he be?

    Attached Files:

    Last edited: Jul 22, 2019
  2. iMacg3

    iMacg3 Malware Specialist

    Nov 3, 2018
    Hi Talshere, Welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not run any fixes or tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.


    What is the file path of the Norton detection?

    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.


    In your next reply, please include:
    • FRST.txt
    • Addition.txt
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1230398

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice